Trendyol - Head of Information Security

Istanbul / Maslak2mo ago

In Office Director EMEA Cybersecurity Cloud Computing Head of Information Security Team Management Team Leadership Risk Management Regulatory Compliance Risk Assessment

Upload My Resume

Drop here or click to browse · Tap to choose · PDF, DOCX, DOC, RTF, TXT

Apply in One Click

Requirements

• Define and lead the overall security risk, compliance, and governance strategy aligned with organizational objectives and regulatory requirements. • Establish and continuously evolve enterprise-wide frameworks, policies, and standards covering information security, risk management, compliance governance, and control monitoring. • Provide strategic leadership across security engineering, risk management, and compliance teams, ensuring alignment between operational execution and long-term organizational goals. • Oversee regulatory compliance programs (e.g., GDPR, PCI-DSS, ISO 27001, SOX, local regulations) and ensure audit readiness and sustainable control environments. • Drive enterprise risk assessment processes, define risk appetite in collaboration with senior leadership, and oversee mitigation strategies. • Partner with executive stakeholders, including Engineering, Product, Legal, Internal Audit, and senior business leaders, to embed security and governance practices into business operations. • Lead third-party risk management, vendor compliance programs, and external regulatory relationships where applicable. • Define KPIs, metrics, and maturity models to measure effectiveness of security and governance programs and drive continuous improvement. • Foster a strong security culture through awareness initiatives, training programs, and proactive communication across the organization. • Define and drive the enterprise-wide data security strategy, ensuring robust safeguards for sensitive information across cloud services, applications, and endpoints. • Lead the security architecture and design of the company's projects, initiatives and infrastructures. • Build, mentor, and scale high-performing teams while establishing strong leadership pipelines. • Bachelor’s or Master’s degree in Information Security, Engineering or a related field. • Minimum 10 years of experience in information security, compliance, governance, or risk management roles including significant leadership experience. • Proven track record of building and scaling enterprise security governance frameworks and compliance programs. • Proficiency in security design and architecture. • Significant experience in data security such as data leakage prevention and data classification. • Deep understanding of regulatory environments and standards such as ISO 27001, GDPR, PCI-DSS, SOX, or similar. • Relevant certifications (e.g., CISSP, CISM, CRISC, ISO 27001 Lead Implementer) are preferred. • Strategic thinker with the ability to influence and guide decision-making at the executive level. • Excellent leadership, communication, and stakeholder management skills. • Capacity to adapt to a fast-paced and evolving environment. Commitment to staying updated on the latest security trends and technologies. • Fluency in English (written and verbal).

Responsibilities

• Define and lead the overall security risk, compliance, and governance strategy aligned with organizational objectives and regulatory requirements. • Establish and continuously evolve enterprise-wide frameworks, policies, and standards covering information security, risk management, compliance governance, and control monitoring. • Provide strategic leadership across security engineering, risk management, and compliance teams, ensuring alignment between operational execution and long-term organizational goals. • Oversee regulatory compliance programs (e.g., GDPR, PCI-DSS, ISO 27001, SOX, local regulations) and ensure audit readiness and sustainable control environments. • Drive enterprise risk assessment processes, define risk appetite in collaboration with senior leadership, and oversee mitigation strategies. • Partner with executive stakeholders, including Engineering, Product, Legal, Internal Audit, and senior business leaders, to embed security and governance practices into business operations. • Lead third-party risk management, vendor compliance programs, and external regulatory relationships where applicable. • Define KPIs, metrics, and maturity models to measure effectiveness of security and governance programs and drive continuous improvement. • Foster a strong security culture through awareness initiatives, training programs, and proactive communication across the organization. • Define and drive the enterprise-wide data security strategy, ensuring robust safeguards for sensitive information across cloud services, applications, and endpoints. • Lead the security architecture and design of the company's projects, initiatives and infrastructures. • Build, mentor, and scale high-performing teams while establishing strong leadership pipelines. • Expected Qualifcations • Bachelor’s or Master’s degree in Information Security, Engineering or a related field. • Minimum 10 years of experience in information security, compliance, governance, or risk management roles including significant leadership experience. • Proven track record of building and scaling enterprise security governance frameworks and compliance programs. • Proficiency in security design and architecture. • Deep understanding of regulatory environments and standards such as ISO 27001, GDPR, PCI-DSS, SOX, or similar. • Relevant certifications (e.g., CISSP, CISM, CRISC, ISO 27001 Lead Implementer) are preferred. • Strategic thinker with the ability to influence and guide decision-making at the executive level. • Excellent leadership, communication, and stakeholder management skills. • Capacity to adapt to a fast-paced and evolving environment. Commitment to staying updated on the latest security trends and technologies. • Fluency in English (written and verbal).

Benefits

• Hybrid working model with flexibility: a schedule that helps you find the right balance between flexibility and team bonding, including work-from-abroad opportunities and a summer working model. • Customisable FlexBenefits budget: Adjust your daily meal allowance, choose your health insurance package (and extend it to your spouse or children), and pick from additional benefits like fuel support or Trendyol shopping credits. • Well-being support: Access to location-based in-house doctors, as well as psychologist and dietitian support, and HPV vaccination provision. • Personalised training allowance and learning opportunities: Use your annual budget for any training or conference of your choice, explore our Learning Management System (LMS) anytime, and join in-person learning sessions offered throughout the year. • Responsibility from day one: Take full ownership from the start in a culture where every voice is heard and valued. • A diverse, international team: Collaborate with global peers across our offices in Berlin, Amsterdam, Dubai, and beyond, in a startup-spirited and collaborative environment. • Opportunities to grow with the best: Tackle meaningful challenges, develop through hands-on experience, and grow with the support of expert guidance and global mentoring. • Meaningful connections beyond tasks: Be part of team rituals, events, and social activities that help us stay connected and inspired. • Take the Next Step • If this role excites you, apply today, we look forward to taking the next step with you. • Want to get to know the team better first? Explore our Career Website, LinkedIn, or YouTube to learn more about #LifeatTrendyol and how we work.

Get Started Free

No credit card. Takes 10 seconds.

Requirements

Responsibilities

• Define and lead the overall security risk, compliance, and governance strategy aligned with organizational objectives and regulatory requirements. • Establish and continuously evolve enterprise-wide frameworks, policies, and standards covering information security, risk management, compliance governance, and control monitoring. • Provide strategic leadership across security engineering, risk management, and compliance teams, ensuring alignment between operational execution and long-term organizational goals. • Oversee regulatory compliance programs (e.g., GDPR, PCI-DSS, ISO 27001, SOX, local regulations) and ensure audit readiness and sustainable control environments. • Drive enterprise risk assessment processes, define risk appetite in collaboration with senior leadership, and oversee mitigation strategies. • Partner with executive stakeholders, including Engineering, Product, Legal, Internal Audit, and senior business leaders, to embed security and governance practices into business operations. • Lead third-party risk management, vendor compliance programs, and external regulatory relationships where applicable. • Define KPIs, metrics, and maturity models to measure effectiveness of security and governance programs and drive continuous improvement. • Foster a strong security culture through awareness initiatives, training programs, and proactive communication across the organization. • Define and drive the enterprise-wide data security strategy, ensuring robust safeguards for sensitive information across cloud services, applications, and endpoints. • Lead the security architecture and design of the company's projects, initiatives and infrastructures. • Build, mentor, and scale high-performing teams while establishing strong leadership pipelines. • Expected Qualifcations • Bachelor’s or Master’s degree in Information Security, Engineering or a related field. • Minimum 10 years of experience in information security, compliance, governance, or risk management roles including significant leadership experience. • Proven track record of building and scaling enterprise security governance frameworks and compliance programs. • Proficiency in security design and architecture. • Deep understanding of regulatory environments and standards such as ISO 27001, GDPR, PCI-DSS, SOX, or similar. • Relevant certifications (e.g., CISSP, CISM, CRISC, ISO 27001 Lead Implementer) are preferred. • Strategic thinker with the ability to influence and guide decision-making at the executive level. • Excellent leadership, communication, and stakeholder management skills. • Capacity to adapt to a fast-paced and evolving environment. Commitment to staying updated on the latest security trends and technologies. • Fluency in English (written and verbal).

Benefits